Javland.com ❲Web❳
| Issue | Severity | Recommendation |
|-------|----------|----------------|
| Missing Strict-Transport-Security (HSTS) header | Medium | Enable Strict-Transport-Security with a long max-age (≥31536000 s, i.e. one year). |
| Weak Content-Security-Policy (CSP) | Medium | Define a restrictive CSP allowing only trusted origins for scripts, styles, and media. |
| No Subresource Integrity (SRI) for third-party libraries | Low | Add SRI hashes for external scripts (e.g., jQuery). |
| Open redirects on some affiliate links | Medium | Validate redirect destinations against an allowlist of hosts. |
| Outdated PHP version (7.2, unsupported since November 2020) | High | Upgrade to a supported PHP release (8.2+) and apply security patches. |
| No rate limiting on login API | Medium | Throttle by source IP and account, and require a CAPTCHA after repeated failed attempts. |
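The following is an added example, not part of the assessment above and not the site's own code. It implements offline checks for four of the findings in the table: the HSTS max-age floor, the permissive CSP sources, cross-origin scripts without an SRI attribute, and an allowlist check for the affiliate redirect that also rejects the common bypass shapes (`//host`, `/\host`, `user@host`, and a look-alike subdomain). The sample headers, the HTML fragment, the CDN hostnames and the redirect allowlist are all constructed assumptions.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

MIN_HSTS_MAX_AGE = 31536000  # one year, the floor recommended in the table

# Constructed sample responses (assumptions): the weak configuration next to a hardened one.
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src *; script-src * 'unsafe-inline'",
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self' https://code.jquery.com; "
        "object-src 'none'; base-uri 'self'"
    ),
}


def check_hsts(headers):
    """Return 'missing', 'malformed', 'short max-age' or 'ok' for the HSTS header."""
    value = headers.get("Strict-Transport-Security")
    if value is None:
        return "missing"
    m = re.search(r"max-age=(\d+)", value)
    if not m:
        return "malformed"
    return "ok" if int(m.group(1)) >= MIN_HSTS_MAX_AGE else "short max-age"


def csp_findings(headers):
    """List permissive settings in default-src / script-src; empty list means none found."""
    value = headers.get("Content-Security-Policy")
    if value is None:
        return ["missing"]
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    findings = []
    for name in ("default-src", "script-src"):
        sources = directives.get(name)
        if sources is None:
            if name == "script-src" and "default-src" in directives:
                continue  # script-src falls back to default-src when absent
            findings.append(f"{name} not set")
            continue
        if "*" in sources:
            findings.append(f"{name} allows any origin (*)")
        if "'unsafe-inline'" in sources:
            findings.append(f"{name} allows 'unsafe-inline'")
    return findings


def sri_attribute(script_bytes):
    """Build the integrity value for a script body (sha384, base64, as browsers verify it)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(script_bytes).digest()).decode()


def verify_sri(script_bytes, integrity):
    """True when the served bytes still match the pinned integrity value."""
    return sri_attribute(script_bytes) == integrity


SCRIPT_TAG_RE = re.compile(r"""<script\b[^>]*\bsrc=["']([^"']+)["'][^>]*>""", re.I)

# Constructed page fragment (assumption): one cross-origin script has SRI, one does not.
SAMPLE_HTML = """
<script src="https://code.jquery.com/jquery.min.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
"""


def external_scripts_without_sri(html, site_host):
    """Return src URLs of cross-origin scripts that carry no integrity attribute."""
    missing = []
    for m in SCRIPT_TAG_RE.finditer(html):
        tag, src = m.group(0), m.group(1)
        host = urlparse(src).hostname
        if host and host != site_host and "integrity=" not in tag.lower():
            missing.append(src)
    return missing


ALLOWED_REDIRECT_HOSTS = {"javland.com", "affiliate.example"}  # assumed allowlist


def safe_redirect_target(url, allowed_hosts=ALLOWED_REDIRECT_HOSTS):
    """Allowlist check for an affiliate redirect target; rejects the usual bypass shapes."""
    if "\\" in url:  # browsers treat "/\evil.example" like "//evil.example"
        return False
    parsed = urlparse(url)
    if not parsed.scheme and not parsed.netloc:
        return url.startswith("/")  # same-site relative path; "//host" has a netloc, so it is not here
    if parsed.scheme not in ("http", "https"):
        return False
    # hostname, not netloc: "javland.com@evil.example" resolves to evil.example
    return (parsed.hostname or "").lower() in allowed_hosts
```

In a real scan the header dicts come from the HTTPS response of the page under test, the SRI hash is computed over the exact bytes the CDN serves (any re-minification changes it), and the allowlist compares whole hostnames rather than prefixes, which is why `javland.com.evil.example` is rejected.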